Forum Discussion

Helper

2 years ago

Use Message body

Hi everyone! I'm currently trying to create a custom component, the goal is to display specific messages using a condition. I have the correct QUERY but I don´t know how to use/render the response....

MattV
2 years ago
Freemarker auto escaping is turned on for your community. This is a great security measure to prevent arbitrary code from executing on your community.

More details on freemarker auto escape: https://freemarker.apache.org/docs/dgui_misc_autoescaping.html

The safest option is to work around this by removing the HTML markup from the response, and render the text as plain text.

You can also see from that freemarker doc that you can use ?no_esc to prevent escaping on that variable.

BE CAREFUL doing that, especially on the message subject. The message body is USUALLY protected by HTML permissions and prevents users from posting unsafe HTML. But it shouldn't be assumed to be fool-proof.

DO NOT ?no_esc the message subject. The message subject allows arbitrary HTML regardless of HTML permissions in community. Core components escape the subject, but the API does not do this for you, so someone can put javascript in the message subject, and it would execute if you do ?no_esc on it.

Some characters get double-escaped, such as " appearing as &quote; , so you may want to add some fixes such as ?replace('&quote;','"') on the message subject so safe characters like that still appear as desired

alfozaav

Helper

2 years ago

Hi MattV, thank you for your help!

Is there a way to add existing classes /styles to the message body or message itself?

MattV
Khoros Staff
2 years ago
I'm not sure I understand the question. What exactly are you trying to accomplish?
- alfozaav
  Helper
  2 years ago
  I'm trying to create a component that shows articles/messages from a custom source (we're using LiQL 2.0).
  We're getting the response but we want it to look similar to the image, so my question is:
  Is there a way to grab existing site styles and apply them to the custom component?
  Do I have to do all the styling by my own?
  - MattV
    Khoros Staff
    2 years ago
    That looks like it's from the Hermes community activity feed.
    
    It's using the renderMessage macro from the macro file theme-lib.message-macros.
    
    Usage would look something like
    
    <#include "theme-lib.message-macros.ftl" /> ... <#assign query = "SELECT id, tags, labels, conversation.solved, conversation.last_post_time, conversation.last_post_time_friendly, user_context.read, images, board.id, board.title, board.view_href, teaser, body, post_time_friendly, subject, author.login, author.view_href, author.avatar.profile, author.rank.name, author.rank.color, author.rank.bold, post_time, view_href, kudos.sum(weight), replies.count(*), metrics.views, conversation.solved FROM messages WHERE message.id = '1'" /> <#assign msg = (liql(query).data.items)![] /> <#if msg?has_content> <@renderMessage msg /> </#if>

Forum Discussion

Use Message body

Related Content

Messages and Categories

Add Message body to KudosMessagePage

Changing Font for Message Body - Difficulty? Best practices?

Data on Private Messages

Escalate a message with API

Recent Discussions

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined

400/404 error on POST request

How do I get the article ID in Freemarker in a TkbArticle?